28 Jun

Authenticated Option Deletion Vulnerability in Social Media

Recently we found that the plugin Social Media and Share Icons (Ultimate Social Media) contained an authenticated option deletion vulnerability. The Social Media plugin is based on the code base of that plugin and contained the same vulnerable code. The only difference is that the function is named sfsi_plus_DeleteSkin() in this plugin, and it is located in the file /libs/controllers/sfsi_iconsUpload_contoller.php.

Proof of Concept

The following proof of concept will delete the siteurl option from the wp_options table, when logged in to WordPress.

Make sure to replace “[path to WordPress]” with the location of WordPress.

http://[path to WordPress]/wp-admin/admin-ajax.php?action=plus_DeleteSkin&iconname=siteurl
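As an added illustration (not code from the plugin or from this post), here is the handler pattern the post describes, an admin-ajax action that passes a request parameter straight to delete_option(), next to a hardened form that checks capability and nonce and only accepts the plugin's own option names. All function, hook, and prefix names here are hypothetical.

```php
<?php
// Added illustration, not the plugin's own code. Names are hypothetical.

// Vulnerable pattern: every logged-in user can reach wp_ajax_* handlers, and the
// option name is taken directly from the request, so a request naming an
// unrelated option such as siteurl removes it from wp_options.
function example_delete_skin_vulnerable() {
    delete_option( $_GET['iconname'] );
    wp_die();
}

// Hardened form: require the capability needed to manage the plugin, tie the
// request to a nonce, and refuse any option the plugin does not own.
function example_delete_skin_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // Dies with a 403 when the nonce is missing or invalid (CSRF protection).
    check_ajax_referer( 'example_delete_skin' );

    $name = isset( $_POST['iconname'] ) ? sanitize_key( wp_unslash( $_POST['iconname'] ) ) : '';

    // Allow-list by prefix: only this plugin's skin options may be deleted.
    $allowed_prefix = 'example_plugin_skin_';
    if ( '' === $name || 0 !== strpos( $name, $allowed_prefix ) ) {
        wp_send_json_error( 'invalid option name', 400 );
    }

    delete_option( $name );
    wp_send_json_success( array( 'deleted' => $name ) );
}

// Only the hardened handler is registered; the vulnerable one is shown for contrast.
add_action( 'wp_ajax_example_delete_skin', 'example_delete_skin_hardened' );
```

The nonce for the hardened handler would be generated on the plugin's settings page with wp_create_nonce( 'example_delete_skin' ) and sent as the _wpnonce field of the POST request.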

Timeline

  • 6/23/2016 – Developer notified.
  • 6/28/2016 – Version 2.4.6 released, which fixes the issue.

Concerned About The Security of the Plugins You Use?

When you order a plugin security review from us we review the plugin for issues that hackers would exploit if they knew about them, as well as making sure that the needed security checks have been implemented in the plugin. If you order two reviews you will receive a free lifetime subscription to our service.
